30102: TLS certificate for your Domain has expired.
MESSAGING
ERROR
This error occurs when the TLS certificate for your Twilio Link Shortening domain has expired. When the certificate expires, link shortening can fail, links can break, and Twilio can fall back to sending the original long links if ContinueOnFailure is enabled for the domain.
- You are using a bring-your-own certificate for the Link Shortening domain, and the certificate reached its expiration date before you uploaded a replacement.
- You are managing certificates manually, and the replacement certificate or private key was not uploaded through the Console or the domain's Certificate subresource before the old certificate expired.
- If you use a Twilio-managed certificate, your DNS uses CAA records that do not allow letsencrypt.org, which can prevent certificate requests and renewals. This is an inference based on Twilio's stated certificate renewal requirement.
- Replace the expired certificate. In the Console, upload a new certificate and private key for the Link Shortening domain. If you use the API, send a POST request to the domain's Certificate subresource with TlsCert set to the concatenated certificate and private key.
- If you want Twilio to handle certificate requests and renewals, switch to a Twilio-managed certificate by using Certificate Manager or the Link Shortening RequestManagedCert subresource. This is the preferred setup.
- If you continue to use your own certificate, make sure the certificate and private key are in PEM format, include the full certificate chain, and use the required -----BEGIN CERTIFICATE----- and -----BEGIN PRIVATE KEY----- boundaries.
- After you upload a new certificate, allow up to five minutes for validation, then check the certificate status with a GET request to the domain's Certificate subresource.
- To reduce the chance of future outages, create an Alarm for 30131 so you receive a warning before the certificate expires.
- If you need messages to continue sending when Link Shortening fails, review the domain setting for ContinueOnFailure. When enabled, Twilio sends the original long links, which can increase message segments and costs.
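A pre-upload check for a bring-your-own bundle, as an added example that is not Twilio's code: it verifies the PEM boundaries named above, counts the certificates in the chain, and reads each certificate's notAfter time so an expired replacement is caught before it is uploaded. The function names, the rule that a full chain means a leaf plus at least one intermediate, and the sample data builders are assumptions made for this example; malformed input raises an exception rather than returning a problem list.

```python
import base64, re
from datetime import datetime, timezone
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+(.*?)\s*-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(der):
    """Return the notAfter time of a DER-encoded X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)          # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)        # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    pos = end if tag == 0xA0 else pos     # skip the optional [0] version
    for _ in range(3):                    # serialNumber, signature, issuer
        _, _, pos = read_tlv(der, pos)
    _, pos, _ = read_tlv(der, pos)        # validity SEQUENCE
    _, _, pos = read_tlv(der, pos)        # notBefore
    tag, start, end = read_tlv(der, pos)  # notAfter
    text = der[start:end].decode("ascii")
    if tag == 0x17:  # UTCTime: two-digit year, RFC 5280 maps 50-99 to 19xx
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def check_bundle(pem_text, now=None):
    """Return a list of problems; an empty list means the bundle passes."""
    now = now or datetime.now(timezone.utc)
    blocks = PEM_RE.findall(pem_text)
    certs = [base64.b64decode(body) for label, body in blocks if label == "CERTIFICATE"]
    problems = []
    if sum(label == "PRIVATE KEY" for label, _ in blocks) != 1:
        problems.append("need exactly one -----BEGIN PRIVATE KEY----- block")
    if len(certs) < 2:  # assumption: a full chain is the leaf plus >= 1 intermediate
        problems.append("certificate chain looks incomplete")
    problems += [f"certificate {i} expired on {not_after(der):%Y-%m-%d}"
                 for i, der in enumerate(certs) if not_after(der) <= now]
    return problems

def sample_pem(label, body):  # constructed test data, not a real certificate or key
    return f"-----BEGIN {label}-----\n{base64.b64encode(body).decode()}\n-----END {label}-----\n"
def sample_cert(not_after_utc):  # constructed DER skeleton with only the fields parsed above
    t = lambda tag, body: bytes([tag, len(body)]) + body
    tbs = (t(0xA0, t(2, b"\x02")) + t(2, b"\x01") + t(0x30, b"") + t(0x30, b"")
           + t(0x30, t(0x17, b"240101000000Z") + t(0x17, not_after_utc)))
    return t(0x30, t(0x30, tbs))
```

Call check_bundle on the exact text you plan to send as TlsCert; the check is structural and does not verify signatures or that the key matches the leaf certificate.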